Hi,

Anyone know how to enable this SMTP AUTH feature with Postfix?

Regards,

Jacky


On 7/4/2018 3:40 AM, Paul Hecker wrote:
Hi,

On 6. Apr 2018, at 18:58, Odhiambo Washington <odhia...@gmail.com> wrote:

Hi Paul,

Care to share your config (even OFFLIST) that has successfully integrated 
Dovecot Submission service with Exim??
Here are the steps I have done to integrate Dovecot submission in Exim:

- Create and set the acl_smtp_mailauth ACL:

acl_smtp_mailauth = acl_check_mailauth

acl_check_mailauth:
   accept
     hosts          = <; 127.0.0.1 ; ::1
     condition      = ${if eq{$interface_port}{10025}}
     log_message    = Will accept MAIL AUTH parameter for $authenticated_sender
   deny


- Add a deny for all connections to 10025 without MAIL AUTH parameter in
acl_smtp_mail ACL:

   deny
     condition      = ${if eq{$interface_port}{10025}}
     condition      = ${if eq{$authenticated_sender}{}}
     message        = All connections on port $interface_port need MAIL AUTH sender

- in Dovecot, add the following submission parameters

submission_relay_port = 10025
submission_relay_ssl = starttls
submission_relay_ssl_verify = no

All the remaining parts of the Dovecot config are the default for submission
protocol/service, copied either from the sources (default config) or from here:

https://wiki.dovecot.org/Submission

Feel free to ask if you have any further questions.

Regards,
Paul


I use Exim+Dovecot (Exim4U) and wouldn't mind exploring this.

Thanks in advance.


On 6 April 2018 at 19:15, Paul Hecker <p...@iwascoding.com> wrote:
Hi,

Thank you very much. This did the trick!

On 6. Apr 2018, at 15:56, Stephan Bosch <step...@rename-it.nl> wrote:



Op 6-4-2018 om 13:52 schreef Paul Hecker:
Hi,

Dovecot 2.3.1 (8e2f634). Could not get Dovecot to forward the (plain) 
authentication to the SMTP server using submission. Reason why I need it is 
sender spoofing (do not want my employees to send messages on behalf of me).

In exim I can disable sender spoofing with the authenticated user. When sending 
through dovecot, exim either does not accept the email (need auth) or relay 
every sender address (because relaying from localhost).

Am I missing a setting or do I need any additional field in the (MySQL) 
user_query/password_query to forward the password?

You can find my config here:

https://gist.github.com/lluuaapp/7daddf761131da47237b0f45e6bab5a8
That would be possible using the following SMTP AUTH feature:

https://tools.ietf.org/html/rfc4954#section-5

Which is apparently supported by Exim: 
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html#SECTauthparamail
This requires explicit configuration, so it will not work out of the box.
Here is what I did:

I had to add the acl_smtp_mailauth to only allow this on a certain port. Then I 
had to duplicate my code for sender spoofing for authenticated users and change 
the $authenticated_id -> $authenticated_sender.

Besides that, I must use TLS (in my case STARTTLS) so that Dovecot actually 
sends the MAIL AUTH parameter.

The Dovecot Submission service should support this too. It sends an AUTH 
parameter with the MAIL command (currently only when the username is a valid
SMTP address). However, I must say, I haven't tested this recently.
I can confirm that it works (only with TLS with my current configuration, see 
above).

I can try this in a few days. Feel free to experiment with this yourself.

Regards,

Stephan.
Thanks again,
Paul




--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
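
The policy described in this thread, modelled as an added example (not code from any poster, nor from Exim or Dovecot): it parses the RFC 4954 AUTH= parameter of MAIL FROM, including xtext decoding, and applies the two ACL rules quoted above. The function names, the sample addresses and the exact-match sender check are assumptions; the thread does not show the spoofing rule itself.

```python
import re
from ipaddress import ip_address

RELAY_PORT = 10025  # submission_relay_port from the thread
TRUSTED_HOSTS = {ip_address("127.0.0.1"), ip_address("::1")}  # hosts = <; 127.0.0.1 ; ::1

def xtext_decode(value):
    """Decode xtext (RFC 3461): '+XX' stands for the byte with hex value XX."""
    return re.sub(r"\+([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_mail_from(line):
    """Return (envelope_sender, auth_identity or None) for a MAIL FROM command."""
    m = re.fullmatch(r"MAIL FROM:\s*<([^>]*)>((?:\s+\S+)*)\s*", line, re.I)
    if not m:
        raise ValueError("not a MAIL FROM command")
    auth = None
    for param in m.group(2).split():
        key, _, value = param.partition("=")
        # AUTH=<> means the client asserts no authenticated identity.
        if key.upper() == "AUTH" and value != "<>":
            auth = xtext_decode(value)
    return m.group(1), auth

def decide(peer_ip, local_port, line):
    """Model of acl_smtp_mailauth plus the extra deny in acl_smtp_mail."""
    sender, auth = parse_mail_from(line)
    # acl_smtp_mailauth: trust AUTH= only from loopback on the relay port;
    # anywhere else the parameter is ignored (authenticated_sender stays empty).
    trusted = ip_address(peer_ip) in TRUSTED_HOSTS and local_port == RELAY_PORT
    authenticated_sender = auth if trusted else None
    # acl_smtp_mail: the relay port requires an authenticated sender.
    if local_port == RELAY_PORT and not authenticated_sender:
        return "deny: need MAIL AUTH sender"
    # Assumed anti-spoofing rule: envelope sender must equal the AUTH identity.
    if authenticated_sender and sender.lower() != authenticated_sender.lower():
        return "deny: sender spoofing"
    return "accept" if authenticated_sender else "continue"

if __name__ == "__main__":
    # Constructed sample commands, not captured traffic.
    for args in [
        ("127.0.0.1", 10025, "MAIL FROM:<paul@example.com> AUTH=paul@example.com"),
        ("::1", 10025, "MAIL FROM:<boss@example.com> AUTH=employee@example.com"),
        ("127.0.0.1", 10025, "MAIL FROM:<paul@example.com> AUTH=<>"),
        ("192.0.2.10", 25, "MAIL FROM:<boss@example.com> AUTH=boss@example.com"),
    ]:
        print(args, "->", decide(*args))
```

"continue" here stands for falling through to the rest of the normal acl_smtp_mail checks on other ports, where a claimed AUTH= value carries no weight.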